MEDIUM
priyanshuchaudhary
CVE published 2026-07-10
CVE-2026-12400
The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference, allowing authenticated attackers with contributor-level access to modify forms, including those owned by administrators, by supplying an arbitrary form ID in the REST URL. This vulnerability has a CVSS score of 4.3 and is classified as MEDIUM severity. The plugin's vulnerability allows for p [truncated]